package com.system.filter;

import com.system.mapper.AuthorityMapper;
import com.system.pojo.Authority;
import com.system.pojo.SysUser;
import com.system.utils.ContextUtil;
import org.springframework.security.access.AccessDeniedException;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.List;

/**
 * @author yjymm
 * @date 2019-12-15 23:38
 */
public class AuthorizationFilter implements Filter {

//    @Autowired
    private AuthorityMapper am;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        am = ContextUtil.getBean(AuthorityMapper.class);
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("进入权限filter");
        System.out.println(am);
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        String requestURI = requestUriHandler(request.getRequestURI());
        if (requestURI.equals("/sysUser/login") || requestURI.equals("/") 
        		|| requestURI.equals("/login.html") 
        		|| requestURI.contains("resources")
        		|| requestURI.contains("logout")){
            System.out.println("放行了");
            filterChain.doFilter(request, response);
			
//			request.getRequestDispatcher("/login.html") .forward(request, response);
//			return;
			 
        }else{
            SysUser sysUser = (SysUser) session.getAttribute("sysUser");
            if (sysUser == null){
                request.getRequestDispatcher("/login.html")
                        .forward(request, response);
                return;
            }
            boolean hasAutho = authorization(sysUser.getSysRole().getId(),requestURI);
            if (hasAutho){
                //验证通过，有权限访问
                System.out.println("权限验证通过");
                filterChain.doFilter(request, response);
            }else{
                //无权限访问，转发到403页面
                System.out.println("权限验证失败");
                throw new AccessDeniedException("无权限访问");
            }
        }
    }

    public boolean authorization(Integer id,String requestURI ){
        List<Authority> authorities = am.selectByRoleId(id);
        System.out.println("请求url = "+requestURI);
        boolean hasAutho = false;
        for (Authority authority : authorities) {
            System.out.println(authority.getPath());
            if (requestURI.contains(authority.getPath())){
                hasAutho = true;
                break;
            }
        }
        return hasAutho;
    }

    public String requestUriHandler(String uri) {
        String substring = uri.substring(1);
        String substring1 = substring.substring(substring.indexOf("/"));
        System.out.println(substring1);
        return substring1;
    }
}
